Super
Admin
|
Access to
all functionality within Device Manager (all functionality listed in this
table).
|
Authorised
Access
|
Access to
the Admin console and/or the Self Help Portal, as well as device access for
remote support and remote support access:
- Admin
Console Access
- Self
Help Portal Access
- Device Access (when Remote Support is enabled)
- Remote Support
|
Dashboard
|
Access to
view all of the Device Manager Dashboard and the ability to customize the
Dashboard. In order to perform actions in the Dashboard, however, such as send
notification, wipe/selective wipe, revoke, locate, and so on, a user must be
granted those specific permissions. Also, if a user is restricted from viewing
specific groups, the devices that belong to users in those blocked groups will
not appear in the Dashboard.
|
Devices
|
Access to
the
Devices tab and the ability to perform general
device management tasks, such as connecting to iOS devices, importing devices,
editing device properties, locating, locking/unlocking, revoking, wiping, and
selectively wiping a device. Specific permissions include:
- Full wipe device
- Selective wipe device
- View
locations - when selected, users can see location and locate/track device.
Includes:
- Locate device
- Track device
- Lock device
- Unlock device
- Deploy to a Device - allows you to push a deployment package to
a device.
- Edit device properties
- Notification to a device - gives you the ability to select a
notification template, send ad-hoc notifications to a device or group of
devices from the devices tab using email, SMS, or agent push notifications.
- Add/Delete device
- Devices import
- Revoke device
- View
Software Inventory - when selected, user is allowed to view a device software
inventory.
|
Users
|
Ability
create users and groups. Includes the following permissions:
- Add/delete groups
- Add/delete users
- Edit
a user's property
- Can
manage admin users
- Users
import - ability to import list of users from a file
|
Enrollment
|
Access to
the
Options dialog all functionality related to
enrollment, including setting default enrollment modes, configuring enrollment
notification servers (SMTP/SMS Gateway), modifying and creating enrollment
templates, and sending enrollment notifications. Includes the following
permissions:
- Edit
enrollment
- Notify user
|
Policies
|
Access to
the Policies tab and all features related to defining and implementing
policies, such as security and password policies, Exchange ActiveSync polies,
app tunneling (Windows and Android), server groups, registry configurations
(Windows), configurations, applications access (blacklist/whitelist),
Sharepoint policies, and more. Includes the following permissions:
- Add/delete policy
- Edit
policy
- Download policies
- Apply
policies (deploy polices in a deployment package)
|
Files
|
Access to
the
Files tab and adding, deleting, and downloading
files. Includes the following permissions:
- Add/delete files
- Edit
files
- Download files
|
Applications
|
Allows access to the Applications tab, where you can upload and
define applications and create application categories to organize the apps you
want to deploy to users' devices. Includes the following permissions:
- Add/delete applications
- Edit
applications
- Application download
- Manage category (create custom app categories for organization)
|
Deployment
|
Access to
the
Deployment tab and all functionality related to
device deployment, such as the ability to create, edit, deploy, and delete
packages. Includes the following permissions:
- Add/delete package
- Edit
package
- Deploy packages
|
Reporting
|
Access to
the
Reporting tab and the ability to run and view Device
Manager reports.
|
About
|
Access to
the
About tab features:
- Edit and upload an APNS
certificate
- Edit XenMobile MDM license
- Connections information -
provides visibility into server related information, such as security
parameters, JVM information, and system health.
|
Options
|
The
Options feature provides a user access to the
Options dialog box and the following features in the
Options dialog box:
- Role-Based Access Control
- LDAP
- Mobile Service Provider
- ActiveSync Gateway
- Network Access Control
- AppC
WebServices API
- GoToAssist
- PKI
Entity
- Scheduling
- Security
- General service parameters
Note: If
you want this role to have access to the Remote-Based Access Control feature,
you need to specifically select the
Remote-Based Access Control option in the dialog
box.
|
Restrict
Group Access
|
Allows you
to associate groups with the current role. When a group is associated with a
role, users in that group can only see devices associated with that group. If a
user belongs to more than one group, and some of those groups provide a range
or permissions, all permissions related to all groups are merged into the role.
|